cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
8832
Views
0
Helpful
15
Replies

Password recovery

Luisinus
Level 1
Level 1

I bought a 1841 Router on e-bay.

Apparently, it has been configured with "no service password-recovery". The console shows: PASSWORD RECOVERY FUNCTIONALITY IS DISABLED, and it does not respond to Ctrl-Break during boot. AFAIK, this router does not have a removable NVRAM chip - so this method of reset is excluded. Is my only option to RMA it?

TIA, /Luis

1 Accepted Solution

Accepted Solutions

I have the same issue, there are several jumper settings on the motherboard however I cannot find any documentation anywhere if these are of any use.  I find it hard to believe that this router is now a doorstop.  There must be a method.

View solution in original post

15 Replies 15

kyawzawhtut
Level 1
Level 1

I believe you still can go back to factory default without needing RMA.

Press the break-key winthin 5sec after decompress the image. System will prompt you to confirm and after that it will delete the start-up config and back to factory default.

Check this url for different combination of break-key that you can try.

http://www.cisco.com/en/US/products/hw/routers/ps133/products_tech_note09186a0080174a34.shtml

HTH

Plz rate if helpful.

Cheers

Kyaw

Luis,

I believe your understanding is correct. I don't think you can break in when password recovery is disabled in the router.

Actually, if I remember correct the IOS even produces a warning when configuring the no service password recovery command that if the password is lost then RMA will be your only option.

HTH

Sundar

Well, here the steps taken so far:

- About 20 reboots with console cable connected. I have hit Ctrl-Break at every thinkable point, after 5 secs. after boot, when "Image text-base:" appears, etcetc.

- I cross-checked with another 831 I have around to see if the Ctrl-break works there: It does.

- I have taken the Button-Cell battery out of the 1841 for at least 20 minutes, hoping that this would erase the config. I'm not sure what this battery is for, because this had no effect whatsoever.

My assumption was: That it would be possible to use the Ctrl-Break procedure and to expect a "Do you want to reset the router to factory default configuration and proceed [y/n] ?" prompt, but I don't get to that prompt. There is a bit of conflicting documentation out there.

Cheers, /Luis

Luis,

Actually, it appears you should be able to reset the router to the factory default settings when password recovery is disabled. You should be able to break in within 5 seconds after the image decompresses during the boot.

Follow the steps in this document to see if it helps.

http://cisco.com/en/US/products/sw/iosswrel/ps5413/products_feature_guide09186a00802a1e76.html

HTH

Sundar

Luis

I suggest you try the different combination of break key which I gave u in previous post.

May be it is different break-key under no password recovery situation. Who know?

HTH

Cheers

Kyaw

Hi Luis

Do you manage to recover the password? Please update so that we can learn new thing from your experience.

Cheers!

Kyaw

Hi Luis,

As clarified by Sundar, and according to Cisco's website:

No Service Password-Recovery:

Disable password recovery feature provides the ability to disable the password recovery process. With this feature enabled, a hacker with physical access to the router cannot enter the ROMMON and ignore the startup config. For genuine users who have forgotten the password and want to recover the router on which this feature is already enabled, an enhancement to this feature has been made which makes the router to accept the break signal within 5 seconds after rebooting. The user now has the option to boot the router with factory default config.

I'll try to test it for you in lab ASAP.

HTH,

Mohammed Mahmoud.

I have been through 25-30 reboots, following the different recommendations where some say to hit Ctrl-Break when when "Image text-base:" appears, other after 5 seconds into boot etcetc.

I have even tried another terminal program, but the fact that sending a Ctrl-Break to another router (for comparison) works on the first attempt, shows that the Terminal proggie indeed is sending a Break.

I would call this the end of the line, and unless some revolutionary new method turns up, this one will be sent for service.

Cheers, /Luis

I have the same issue, there are several jumper settings on the motherboard however I cannot find any documentation anywhere if these are of any use.  I find it hard to believe that this router is now a doorstop.  There must be a method.

Hi Chris,
Please avoid making multiple post of the same topic.  I'm responding to your main post.

Hi Christopher,

My original post is more than 2 years old, but the issue was never resolved.

I had sent the router to a company in the US that claimed they could do it, and it came back stone dead. (No LED indicators, no RS232 response anymore).

Either they repaired it to death, or just swapped the mainboard with a DUD.

I had not recorded the mainboard serial number before sending it off, (My bad) so I had no leverage.


Before sending it for "so-called repair" I have tried loading it with older versions of the IOS, and I tried several low-level hardware things like resetting the ROM chip during boot trying to cause an unspecfied error (Kernel panic) and to get the router to reveal something or to get into rommon mode. I don't have enough low-level hardware knowledge, but I can identify the reset-pin on a given chip and try all kind of blind and non-destructive things.

Bottom line: That $500 piece of equipment wound up on the shelf, waiting to be used as spare-part repository. The fan is good, the power supply is good. I have a hard time to write off equipment because of a lost password, but that was the end of the story.

Oh for goodness sake.

Here's the link:

http://www.heinzulm.com/password.php

I've successfully used this process and added a last item on my list:  Kill the idi0t who disabled the password recovery.

Hello,

A friend of mine has once told me that he had a similar problem. His 1841 was running IOS c1841-advipservicesk9-mz.123-8.T11.bin and he had configured the no service password-recovery. He was unpleasantly surprised to meet the same troubles as you - while hitting the Ctrl+Break key several times during the boot process, the router just ignored him.

Eventually, the solution he found was trivial. He took out the Compact Flash card and replaced the old IOS on it with a new one on a different router. Then he booted the 1841 with the new IOS and managed to get the Ctrl+Break key working as expected (the router will erase the configuration instead of ignoring it). The IOS he was successful with was the c1841-advipservicesk9-mz.124-20.T.bin and I assume that it will work also with more recent IOSes.

Give it a try.

Best regards,

Peter

By the way - while digging in old posts, some sentences made me wonder:

First:

>>>>

With this feature enabled, a hacker with physical access to the router cannot enter the ROMMON and ignore the startup config.

<<<<

A hacker with physical access is usually not a hacker but a thief or an intruder on the premises. Hackers work remotely - usually, generally.

Second:

>>>>

For genuine users who have forgotten the password and want to recover the router on which this feature is already enabled, an enhancement to this feature has been made which makes the router to accept the break signal within 5 seconds after rebooting. The user now has the option to boot the router with factory default config.

<<<<

In THAT case, what is the difference between a hacker with physical access and a genuine user with physical access who has just forgotten the password? (Both can carry a laptop with a RS232 port and a cable, not?)

Sure you may be quoting contents in your post, but still the lack of distinction between hacker and legitimate user in this scenario is striking.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco